//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension SSOOIDC {
    // MARK: Enums

    public enum AccessDeniedExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case kmsAccessDenied = "KMS_AccessDeniedException"
        public var description: String { return self.rawValue }
    }

    public enum InvalidRequestExceptionReason: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case kmsDisabledKey = "KMS_DisabledException"
        case kmsInvalidKeyUsage = "KMS_InvalidKeyUsageException"
        case kmsInvalidState = "KMS_InvalidStateException"
        case kmsKeyNotFound = "KMS_NotFoundException"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct AccessDeniedException: AWSErrorShape {
        /// Single error code. For this exception the value will be access_denied.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?
        /// A string that uniquely identifies a reason for the error.
        public let reason: AccessDeniedExceptionReason?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil, reason: AccessDeniedExceptionReason? = nil) {
            self.error = error
            self.errorDescription = errorDescription
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
            case reason = "reason"
        }
    }

    public struct AuthorizationPendingException: AWSErrorShape {
        /// Single error code. For this exception the value will be authorization_pending.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct AwsAdditionalDetails: AWSDecodableShape {
        /// The trusted context assertion is signed and encrypted by STS. It provides access to sts:identity_context claim in the idToken without JWT parsing Identity context comprises information that Amazon Web Services services use to make authorization decisions when they receive requests.
        public let identityContext: String?

        @inlinable
        public init(identityContext: String? = nil) {
            self.identityContext = identityContext
        }

        private enum CodingKeys: String, CodingKey {
            case identityContext = "identityContext"
        }
    }

    public struct CreateTokenRequest: AWSEncodableShape {
        /// The unique identifier string for the client or application. This value comes from the result of the RegisterClient API.
        public let clientId: String
        /// A secret string generated for the client. This value should come from the persisted result of the RegisterClient API.
        public let clientSecret: String
        /// Used only when calling this API for the Authorization Code grant type. The short-lived code is used to identify this authorization request.
        public let code: String?
        /// Used only when calling this API for the Authorization Code grant type. This value is generated by the client and presented to validate the original code challenge value the client passed at authorization time.
        public let codeVerifier: String?
        /// Used only when calling this API for the Device Code grant type. This short-lived code is used to identify this authorization request. This comes from the result of the StartDeviceAuthorization API.
        public let deviceCode: String?
        /// Supports the following OAuth grant types: Authorization Code, Device Code, and Refresh Token. Specify one of the following values, depending on the grant type that you want: * Authorization Code - authorization_code  * Device Code - urn:ietf:params:oauth:grant-type:device_code  * Refresh Token - refresh_token
        public let grantType: String
        /// Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
        public let redirectUri: String?
        /// Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-lived tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
        public let refreshToken: String?
        /// The list of scopes for which authorization is requested. This parameter has no effect; the access token will always include all scopes configured during client registration.
        public let scope: [String]?

        @inlinable
        public init(clientId: String, clientSecret: String, code: String? = nil, codeVerifier: String? = nil, deviceCode: String? = nil, grantType: String, redirectUri: String? = nil, refreshToken: String? = nil, scope: [String]? = nil) {
            self.clientId = clientId
            self.clientSecret = clientSecret
            self.code = code
            self.codeVerifier = codeVerifier
            self.deviceCode = deviceCode
            self.grantType = grantType
            self.redirectUri = redirectUri
            self.refreshToken = refreshToken
            self.scope = scope
        }

        private enum CodingKeys: String, CodingKey {
            case clientId = "clientId"
            case clientSecret = "clientSecret"
            case code = "code"
            case codeVerifier = "codeVerifier"
            case deviceCode = "deviceCode"
            case grantType = "grantType"
            case redirectUri = "redirectUri"
            case refreshToken = "refreshToken"
            case scope = "scope"
        }
    }

    public struct CreateTokenResponse: AWSDecodableShape {
        /// A bearer token to access Amazon Web Services accounts and applications assigned to a user.
        public let accessToken: String?
        /// Indicates the time in seconds when an access token will expire.
        public let expiresIn: Int?
        /// The idToken is not implemented or supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. A JSON Web Token (JWT) that identifies who is associated with the issued access token.
        public let idToken: String?
        /// A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
        public let refreshToken: String?
        /// Used to notify the client that the returned token is an access token. The supported token type is Bearer.
        public let tokenType: String?

        @inlinable
        public init(accessToken: String? = nil, expiresIn: Int? = nil, idToken: String? = nil, refreshToken: String? = nil, tokenType: String? = nil) {
            self.accessToken = accessToken
            self.expiresIn = expiresIn
            self.idToken = idToken
            self.refreshToken = refreshToken
            self.tokenType = tokenType
        }

        private enum CodingKeys: String, CodingKey {
            case accessToken = "accessToken"
            case expiresIn = "expiresIn"
            case idToken = "idToken"
            case refreshToken = "refreshToken"
            case tokenType = "tokenType"
        }
    }

    public struct CreateTokenWithIAMRequest: AWSEncodableShape {
        /// Used only when calling this API for the JWT Bearer grant type. This value specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
        public let assertion: String?
        /// The unique identifier string for the client or application. This value is an application ARN that has OAuth grants configured.
        public let clientId: String
        /// Used only when calling this API for the Authorization Code grant type. This short-lived code is used to identify this authorization request. The code is obtained through a redirect from IAM Identity Center to a redirect URI persisted in the Authorization Code GrantOptions for the application.
        public let code: String?
        /// Used only when calling this API for the Authorization Code grant type. This value is generated by the client and presented to validate the original code challenge value the client passed at authorization time.
        public let codeVerifier: String?
        /// Supports the following OAuth grant types: Authorization Code, Refresh Token, JWT Bearer, and Token Exchange. Specify one of the following values, depending on the grant type that you want: * Authorization Code - authorization_code  * Refresh Token - refresh_token  * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer  * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
        public let grantType: String
        /// Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
        public let redirectUri: String?
        /// Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-lived tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
        public let refreshToken: String?
        /// Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that the requester can receive. The following values are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
        public let requestedTokenType: String?
        /// The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If the value is not specified, IAM Identity Center authorizes all scopes configured for the application, including the following default scopes: openid, aws, sts:identity_context.
        public let scope: [String]?
        /// Used only when calling this API for the Token Exchange grant type. This value specifies the subject of the exchange. The value of the subject token must be an access token issued by IAM Identity Center to a different client or application. The access token must have authorized scopes that indicate the requested application as a target audience.
        public let subjectToken: String?
        /// Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that is passed as the subject of the exchange. The following value is supported: * Access Token - urn:ietf:params:oauth:token-type:access_token
        public let subjectTokenType: String?

        @inlinable
        public init(assertion: String? = nil, clientId: String, code: String? = nil, codeVerifier: String? = nil, grantType: String, redirectUri: String? = nil, refreshToken: String? = nil, requestedTokenType: String? = nil, scope: [String]? = nil, subjectToken: String? = nil, subjectTokenType: String? = nil) {
            self.assertion = assertion
            self.clientId = clientId
            self.code = code
            self.codeVerifier = codeVerifier
            self.grantType = grantType
            self.redirectUri = redirectUri
            self.refreshToken = refreshToken
            self.requestedTokenType = requestedTokenType
            self.scope = scope
            self.subjectToken = subjectToken
            self.subjectTokenType = subjectTokenType
        }

        private enum CodingKeys: String, CodingKey {
            case assertion = "assertion"
            case clientId = "clientId"
            case code = "code"
            case codeVerifier = "codeVerifier"
            case grantType = "grantType"
            case redirectUri = "redirectUri"
            case refreshToken = "refreshToken"
            case requestedTokenType = "requestedTokenType"
            case scope = "scope"
            case subjectToken = "subjectToken"
            case subjectTokenType = "subjectTokenType"
        }
    }

    public struct CreateTokenWithIAMResponse: AWSDecodableShape {
        /// A bearer token to access Amazon Web Services accounts and applications assigned to a user.
        public let accessToken: String?
        /// A structure containing information from IAM Identity Center managed user and group information.
        public let awsAdditionalDetails: AwsAdditionalDetails?
        /// Indicates the time in seconds when an access token will expire.
        public let expiresIn: Int?
        /// A JSON Web Token (JWT) that identifies the user associated with the issued access token.
        public let idToken: String?
        /// Indicates the type of tokens that are issued by IAM Identity Center. The following values are supported:  * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
        public let issuedTokenType: String?
        /// A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
        public let refreshToken: String?
        /// The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.
        public let scope: [String]?
        /// Used to notify the requester that the returned token is an access token. The supported token type is Bearer.
        public let tokenType: String?

        @inlinable
        public init(accessToken: String? = nil, awsAdditionalDetails: AwsAdditionalDetails? = nil, expiresIn: Int? = nil, idToken: String? = nil, issuedTokenType: String? = nil, refreshToken: String? = nil, scope: [String]? = nil, tokenType: String? = nil) {
            self.accessToken = accessToken
            self.awsAdditionalDetails = awsAdditionalDetails
            self.expiresIn = expiresIn
            self.idToken = idToken
            self.issuedTokenType = issuedTokenType
            self.refreshToken = refreshToken
            self.scope = scope
            self.tokenType = tokenType
        }

        private enum CodingKeys: String, CodingKey {
            case accessToken = "accessToken"
            case awsAdditionalDetails = "awsAdditionalDetails"
            case expiresIn = "expiresIn"
            case idToken = "idToken"
            case issuedTokenType = "issuedTokenType"
            case refreshToken = "refreshToken"
            case scope = "scope"
            case tokenType = "tokenType"
        }
    }

    public struct ExpiredTokenException: AWSErrorShape {
        /// Single error code. For this exception the value will be expired_token.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InternalServerException: AWSErrorShape {
        /// Single error code. For this exception the value will be server_error.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InvalidClientException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_client.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InvalidClientMetadataException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_client_metadata.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InvalidGrantException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_grant.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InvalidRedirectUriException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_redirect_uri.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct InvalidRequestException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_request.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?
        /// A string that uniquely identifies a reason for the error.
        public let reason: InvalidRequestExceptionReason?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil, reason: InvalidRequestExceptionReason? = nil) {
            self.error = error
            self.errorDescription = errorDescription
            self.reason = reason
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
            case reason = "reason"
        }
    }

    public struct InvalidRequestRegionException: AWSErrorShape {
        /// Indicates the IAM Identity Center endpoint which the requester may call with this token.
        public let endpoint: String?
        /// Single error code. For this exception the value will be invalid_request.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?
        /// Indicates the region which the requester may call with this token.
        public let region: String?

        @inlinable
        public init(endpoint: String? = nil, error: String? = nil, errorDescription: String? = nil, region: String? = nil) {
            self.endpoint = endpoint
            self.error = error
            self.errorDescription = errorDescription
            self.region = region
        }

        private enum CodingKeys: String, CodingKey {
            case endpoint = "endpoint"
            case error = "error"
            case errorDescription = "error_description"
            case region = "region"
        }
    }

    public struct InvalidScopeException: AWSErrorShape {
        /// Single error code. For this exception the value will be invalid_scope.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct RegisterClientRequest: AWSEncodableShape {
        /// The friendly name of the client.
        public let clientName: String
        /// The type of client. The service supports only public as a client type. Anything other than public will be rejected by the service.
        public let clientType: String
        /// This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.
        public let entitledApplicationArn: String?
        /// The list of OAuth 2.0 grant types that are defined by the client. This list is used to restrict the token granting flows available to the client. Supports the following OAuth 2.0 grant types: Authorization Code, Device Code, and Refresh Token.  * Authorization Code - authorization_code  * Device Code - urn:ietf:params:oauth:grant-type:device_code  * Refresh Token - refresh_token
        public let grantTypes: [String]?
        /// The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.
        public let issuerUrl: String?
        /// The list of redirect URI that are defined by the client. At completion of authorization, this list is used to restrict what locations the user agent can be redirected back to.
        public let redirectUris: [String]?
        /// The list of scopes that are defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
        public let scopes: [String]?

        @inlinable
        public init(clientName: String, clientType: String, entitledApplicationArn: String? = nil, grantTypes: [String]? = nil, issuerUrl: String? = nil, redirectUris: [String]? = nil, scopes: [String]? = nil) {
            self.clientName = clientName
            self.clientType = clientType
            self.entitledApplicationArn = entitledApplicationArn
            self.grantTypes = grantTypes
            self.issuerUrl = issuerUrl
            self.redirectUris = redirectUris
            self.scopes = scopes
        }

        private enum CodingKeys: String, CodingKey {
            case clientName = "clientName"
            case clientType = "clientType"
            case entitledApplicationArn = "entitledApplicationArn"
            case grantTypes = "grantTypes"
            case issuerUrl = "issuerUrl"
            case redirectUris = "redirectUris"
            case scopes = "scopes"
        }
    }

    public struct RegisterClientResponse: AWSDecodableShape {
        /// An endpoint that the client can use to request authorization.
        public let authorizationEndpoint: String?
        /// The unique identifier string for each client. This client uses this identifier to get authenticated by the service in subsequent calls.
        public let clientId: String?
        /// Indicates the time at which the clientId and clientSecret were issued.
        public let clientIdIssuedAt: Int64?
        /// A secret string generated for the client. The client will use this string to get authenticated by the service in subsequent calls.
        public let clientSecret: String?
        /// Indicates the time at which the clientId and clientSecret will become invalid.
        public let clientSecretExpiresAt: Int64?
        /// An endpoint that the client can use to create tokens.
        public let tokenEndpoint: String?

        @inlinable
        public init(authorizationEndpoint: String? = nil, clientId: String? = nil, clientIdIssuedAt: Int64? = nil, clientSecret: String? = nil, clientSecretExpiresAt: Int64? = nil, tokenEndpoint: String? = nil) {
            self.authorizationEndpoint = authorizationEndpoint
            self.clientId = clientId
            self.clientIdIssuedAt = clientIdIssuedAt
            self.clientSecret = clientSecret
            self.clientSecretExpiresAt = clientSecretExpiresAt
            self.tokenEndpoint = tokenEndpoint
        }

        private enum CodingKeys: String, CodingKey {
            case authorizationEndpoint = "authorizationEndpoint"
            case clientId = "clientId"
            case clientIdIssuedAt = "clientIdIssuedAt"
            case clientSecret = "clientSecret"
            case clientSecretExpiresAt = "clientSecretExpiresAt"
            case tokenEndpoint = "tokenEndpoint"
        }
    }

    public struct SlowDownException: AWSErrorShape {
        /// Single error code. For this exception the value will be slow_down.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct StartDeviceAuthorizationRequest: AWSEncodableShape {
        /// The unique identifier string for the client that is registered with IAM Identity Center. This value should come from the persisted result of the RegisterClient API operation.
        public let clientId: String
        /// A secret string that is generated for the client. This value should come from the persisted result of the RegisterClient API operation.
        public let clientSecret: String
        /// The URL for the Amazon Web Services access portal. For more information, see Using the Amazon Web Services access portal in the IAM Identity Center User Guide.
        public let startUrl: String

        @inlinable
        public init(clientId: String, clientSecret: String, startUrl: String) {
            self.clientId = clientId
            self.clientSecret = clientSecret
            self.startUrl = startUrl
        }

        private enum CodingKeys: String, CodingKey {
            case clientId = "clientId"
            case clientSecret = "clientSecret"
            case startUrl = "startUrl"
        }
    }

    public struct StartDeviceAuthorizationResponse: AWSDecodableShape {
        /// The short-lived code that is used by the device when polling for a session token.
        public let deviceCode: String?
        /// Indicates the number of seconds in which the verification code will become invalid.
        public let expiresIn: Int?
        /// Indicates the number of seconds the client must wait between attempts when polling for a session.
        public let interval: Int?
        /// A one-time user verification code. This is needed to authorize an in-use device.
        public let userCode: String?
        /// The URI of the verification page that takes the userCode to authorize the device.
        public let verificationUri: String?
        /// An alternate URL that the client can use to automatically launch a browser. This process skips the manual step in which the user visits the verification page and enters their code.
        public let verificationUriComplete: String?

        @inlinable
        public init(deviceCode: String? = nil, expiresIn: Int? = nil, interval: Int? = nil, userCode: String? = nil, verificationUri: String? = nil, verificationUriComplete: String? = nil) {
            self.deviceCode = deviceCode
            self.expiresIn = expiresIn
            self.interval = interval
            self.userCode = userCode
            self.verificationUri = verificationUri
            self.verificationUriComplete = verificationUriComplete
        }

        private enum CodingKeys: String, CodingKey {
            case deviceCode = "deviceCode"
            case expiresIn = "expiresIn"
            case interval = "interval"
            case userCode = "userCode"
            case verificationUri = "verificationUri"
            case verificationUriComplete = "verificationUriComplete"
        }
    }

    public struct UnauthorizedClientException: AWSErrorShape {
        /// Single error code. For this exception the value will be unauthorized_client.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }

    public struct UnsupportedGrantTypeException: AWSErrorShape {
        /// Single error code. For this exception the value will be unsupported_grant_type.
        public let error: String?
        /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred.
        public let errorDescription: String?

        @inlinable
        public init(error: String? = nil, errorDescription: String? = nil) {
            self.error = error
            self.errorDescription = errorDescription
        }

        private enum CodingKeys: String, CodingKey {
            case error = "error"
            case errorDescription = "error_description"
        }
    }
}

// MARK: - Errors

/// Error enum for SSOOIDC
public struct SSOOIDCErrorType: AWSErrorType {
    enum Code: String {
        case accessDeniedException = "AccessDeniedException"
        case authorizationPendingException = "AuthorizationPendingException"
        case expiredTokenException = "ExpiredTokenException"
        case internalServerException = "InternalServerException"
        case invalidClientException = "InvalidClientException"
        case invalidClientMetadataException = "InvalidClientMetadataException"
        case invalidGrantException = "InvalidGrantException"
        case invalidRedirectUriException = "InvalidRedirectUriException"
        case invalidRequestException = "InvalidRequestException"
        case invalidRequestRegionException = "InvalidRequestRegionException"
        case invalidScopeException = "InvalidScopeException"
        case slowDownException = "SlowDownException"
        case unauthorizedClientException = "UnauthorizedClientException"
        case unsupportedGrantTypeException = "UnsupportedGrantTypeException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize SSOOIDC
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// You do not have sufficient access to perform this action.
    public static var accessDeniedException: Self { .init(.accessDeniedException) }
    /// Indicates that a request to authorize a client with an access user session token is pending.
    public static var authorizationPendingException: Self { .init(.authorizationPendingException) }
    /// Indicates that the token issued by the service is expired and is no longer valid.
    public static var expiredTokenException: Self { .init(.expiredTokenException) }
    /// Indicates that an error from the service occurred while trying to process a request.
    public static var internalServerException: Self { .init(.internalServerException) }
    /// Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret.
    public static var invalidClientException: Self { .init(.invalidClientException) }
    /// Indicates that the client information sent in the request during registration is invalid.
    public static var invalidClientMetadataException: Self { .init(.invalidClientMetadataException) }
    /// Indicates that a request contains an invalid grant. This can occur if a client makes a CreateToken request with an invalid grant type.
    public static var invalidGrantException: Self { .init(.invalidGrantException) }
    /// Indicates that one or more redirect URI in the request is not supported for this operation.
    public static var invalidRedirectUriException: Self { .init(.invalidRedirectUriException) }
    /// Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range.
    public static var invalidRequestException: Self { .init(.invalidRequestException) }
    /// Indicates that a token provided as input to the request was issued by and is only usable by calling IAM Identity Center endpoints in another region.
    public static var invalidRequestRegionException: Self { .init(.invalidRequestRegionException) }
    /// Indicates that the scope provided in the request is invalid.
    public static var invalidScopeException: Self { .init(.invalidScopeException) }
    /// Indicates that the client is making the request too frequently and is more than the service can handle.
    public static var slowDownException: Self { .init(.slowDownException) }
    /// Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client.
    public static var unauthorizedClientException: Self { .init(.unauthorizedClientException) }
    /// Indicates that the grant type in the request is not supported by the service.
    public static var unsupportedGrantTypeException: Self { .init(.unsupportedGrantTypeException) }
}

extension SSOOIDCErrorType: AWSServiceErrorType {
    public static let errorCodeMap: [String: AWSErrorShape.Type] = [
        "AccessDeniedException": SSOOIDC.AccessDeniedException.self,
        "AuthorizationPendingException": SSOOIDC.AuthorizationPendingException.self,
        "ExpiredTokenException": SSOOIDC.ExpiredTokenException.self,
        "InternalServerException": SSOOIDC.InternalServerException.self,
        "InvalidClientException": SSOOIDC.InvalidClientException.self,
        "InvalidClientMetadataException": SSOOIDC.InvalidClientMetadataException.self,
        "InvalidGrantException": SSOOIDC.InvalidGrantException.self,
        "InvalidRedirectUriException": SSOOIDC.InvalidRedirectUriException.self,
        "InvalidRequestException": SSOOIDC.InvalidRequestException.self,
        "InvalidRequestRegionException": SSOOIDC.InvalidRequestRegionException.self,
        "InvalidScopeException": SSOOIDC.InvalidScopeException.self,
        "SlowDownException": SSOOIDC.SlowDownException.self,
        "UnauthorizedClientException": SSOOIDC.UnauthorizedClientException.self,
        "UnsupportedGrantTypeException": SSOOIDC.UnsupportedGrantTypeException.self
    ]
}

extension SSOOIDCErrorType: Equatable {
    public static func == (lhs: SSOOIDCErrorType, rhs: SSOOIDCErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension SSOOIDCErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
